CYBER WARS: Year-Long Cyber-Assault May have Compromised Entire U.S. National Security System

The prolonged hacking into the White House Office of Personnel Management, which put the personal information of at least some 21.5 million past and current federal employees in jeopardy, is only the beginning of the security threat to the Obama Administration and its successors, a number of top-level experts in cybersecurity have told Fox News. The attack has been frequently sourced as coming from China.

The experts warned that the entire U.S. national security clearance system could be compromised, that future senior government leaders and advisors could be targeted even before taking office, and hundreds, perhaps thousands, of government officials might successfully be blackmailed, bribed or otherwise manipulated in the future into handing over still more sensitive information.

The identity disaster could also weaken the U.S. in any time of military confrontation: “If we choose to engage in conflict, we are in a much weaker position,” one expert concluded.

The threat could include intruders already in the government whose security credentials were stealthily enhanced during the OPM intrusion, which may have lasted a year before it was detected last April.

“There may be people walking around with higher levels of clearance than they should have,” said one of the experts. “I believe the entire national security apparatus is now at risk. It’s mind-boggling.”

“It’s the digital equivalent of Pearl Harbor,” another expert told Fox News. “Because people don’t see the carnage, they don’t recognize that this is the equivalent of an act of war. This is about espionage—Cold War tactics in the modern digital age.”

The experts consulted by Fox News were former government officials with deep knowledge of federal information systems and experience with national security issues, who had worked in top positions in both the Obama and George W. Bush administrations. In some cases they requested anonymity to express their views.

The experts were skeptical — to put it mildly– that the Obama Administration did anything significant to stem the disaster during a much-touted “30-Day Cybersecurity Sprint” announced in the wake of the hacking at the Office of Personnel Management (OPM). That exercise ended on July 12.

“They are saying ‘The horse has left the barn, let’s lock the door,’ ” declared Theresa Payton, who served as White House Chief Information Officer from 2006 to 2008, and now runs her own cyber-security consulting firm, Fortalice Solutions. “This is an unrecoverable situation. Our most sensitive data is in bad peoples’ hands.”

At the time, the White House declared that the sprint objectives were among other things to bolster cybersecurity defenses, “patch critical vulnerabilities without delay” and “dramatically accelerate” the installation of more sophisticated user sign-ins and verification.

Even before the sprint ended White House Chief Information Officer Tony Scott was lauding the effort for “dramatically” hiking the use of so-called multi-factor authentication among higher-level government users — to a bureaucracy-wide average of 20 per cent.

After it ended, a spokesman for the White House Office of Management and Budget told Fox News that “OMB is still assessing and analyzing the data received from agencies as part of the sprint. Once our team has completed the analysis we will release a progress report.”

On the basis of its announced efforts, “I honestly think the government is paralyzed,” one expert told Fox News. “They don’t know what to do.”

In underlining the sweeping nature of the national security challenge that the hacking assault has created, one expert drew a timeline of the intrusion that apparently began at OPM in March, 2014.

In August 2014, a firm named USIS that did background checks for the Department of Homeland Security was also hacked, and files stolen; in December 2014, Keypoint, a company that took over background checking from USIS, was also breached.Last June, OPM revealed that information on some 4.2 million government employees had been stolen, and this month upped the tally to some 21.5 million, while revealing that the Standard Form 86 material had been hacked as well.

“If you take the three breaches together, you can see what leverage people have over us now,” the expert concluded.

Taken together, the forms contained in the OPM databases contain everything from Social Security numbers to fingerprints, financial and employment history, data about friends, spouses and other family members.